Dive Brief:
- Cloud security firm Qualys confirmed it was the subject of a data breach related to the zero-day exploit in the Accellion FTA file transfer platform, which the cybersecurity firm used for customer support, the company announced Wednesday.
- Qualys said the breach had no impact on its production environments, code base or customer data hosted on the Qualys Cloud Platform, according to a blog by Ben Carr, CISO at the cybersecurity firm.
- Qualys has retained FireEye Mandiant to help it further investigate the incident, which involved a zero-day vulnerability that Accellion discovered on Dec. 21 in another customer's environment. Qualys applied a hotfix the following day and later deployed further patches and additional security measures, the company said.
Dive Insight:
The disclosures Wednesday came just hours after the Clop ransomware gang began posting documents on the dark web, including purchase orders, business scans and other forms that involved Qualys customers.
It raises the possibility that Qualys is the latest victim of a ransomware attempt, as the gang has threatened to release information stolen from numerous other companies, law firms and other entities that were impacted by the Accellion breach.
"Qualys had deployed the Accellion FTP server in a segregated DMZ environment, completely separate from systems that host and support Qualys products to transfer information as part of our customer support system," Carr wrote in the blog post. "Qualys chose the Accellion FTA solution for encrypted temporary transfer of manually uploaded files."
Carr said that after applying the hotfix and additional patches in late December, Qualys received an integrity alert on Dec. 24 and isolated the FTA server from the network. Qualys later shut down the Accellion FTA servers and provided customers with alternatives for file transfer.
The threat actor likely only released a few of the documents they have in their possession, just to demonstrate that they gained access to certain files, according to researchers from security firm Black Kite.
"I don't know the full extent of what they got off the file share, but it has the potential to affect Qualys customers," Bob Maley, chief security officer at Black Kite, said.
Qualys represents the latest in a string of companies and other organizations impacted by the Accellion breach. Grocery chain Kroger, the law firm of Jones Day, the Reserve Bank of New Zealand and the Office of the Washington State Auditor are among the dozens of entities impacted by the breach.
Starting in December, malicious actors began to exploit a vulnerability in Accellion FTA to install a web shell called DEWMODE, according to a blog post by FireEye.
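The integrity alert that led Qualys to isolate its FTA server, and the web-shell installation FireEye describes, illustrate the same defensive control: a file-integrity baseline over a web-facing directory that flags any file added, modified or removed. The following Python script is an added example, not code from Qualys, Accellion or FireEye; it builds a SHA-256 baseline of a directory, re-scans it, and reports the differences. The directory layout and the file names (`app/index.html`, `app/upload.php`, `app/unexpected.php`) are constructed for the demonstration and have nothing to do with the real FTA product.

```python
"""File-integrity baseline for a web-facing directory (added example).

Not Qualys's, Accellion's or FireEye's code. Sample files and paths are
constructed inline so the script runs offline in a temporary directory.
"""
import hashlib
import os
import tempfile
from typing import Dict, List


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so large uploads do not sit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root: str) -> Dict[str, str]:
    """Map every file under root (path relative to root, '/'-separated) to its digest."""
    digests: Dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def diff_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two snapshots; any non-empty list is what an integrity alert would carry."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    return {"added": added, "removed": removed, "modified": modified}


def run_demo() -> Dict[str, List[str]]:
    """Build a constructed web root, take a baseline, change it, and return the diff."""
    with tempfile.TemporaryDirectory() as root:
        app = os.path.join(root, "app")
        os.makedirs(app)
        # Constructed baseline content (placeholders, not real application code).
        with open(os.path.join(app, "index.html"), "w") as f:
            f.write("<h1>portal</h1>\n")
        with open(os.path.join(app, "upload.php"), "w") as f:
            f.write("<?php /* constructed placeholder */ ?>\n")
        baseline = snapshot(root)

        # Simulate what a monitor should catch: a file the deployment never
        # shipped appears, and a known file changes. Contents are placeholders.
        with open(os.path.join(app, "unexpected.php"), "w") as f:
            f.write("placeholder\n")
        with open(os.path.join(app, "index.html"), "a") as f:
            f.write("<!-- edited -->\n")

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    result = run_demo()
    for kind, paths in result.items():
        for path in paths:
            print(f"INTEGRITY {kind.upper()}: {path}")
```

In practice the baseline is stored out of band (on a separate host or in a signed artifact) and regenerated only on sanctioned deployments, so that a change to the web root shows up as an alert rather than silently becoming the new baseline; the response Qualys describes, isolating the host once the alert fired, is the step that follows.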